|
Consulting Security Assessment & Testing Co-Sourcing Managed Security Services Internal Controls Risk Assessment Sarbanes 404 Technology Audits Application Security Fraud Detection Information Request Contact Us |
Managed Security ServicesThe more your firm seeks to avail itself of the advantages of technology-based communications, the more accurate and comprehensive your internal security services must be. Are you confident that your security management procedures and policy provide ongoing security vulnerability identification and implement counter measures timely? Can you answer the below questions with confidence?Access Point Controls You have network connectivity between your remote offices and your data center using the Internet and robust Firewalls in place to protect your network and resources. You have independent Internet vulnerability tests of these firewalls, and reasonable assurances this communication channel is secure. But will it be secure when your IT department or ISP (Internet Service Provider) change settings or add functionality to this communication channel? Are your security change management procedures robust? Are you certain these procedures are in place, functioning and can be relied upon? Those new powerful laptops you just distributed to your sales and executive team came with both WI-FI (WIreless FIdelity) and Internet Broad Band capability. You have confidence that your broad band provider [e.g Sprint/AT&T/Verizon etc.] provides secure communications, but what if your employee unknowingly uses the airport's WI-FI connectivity instead? Is that information secure? Can the person sitting 10 feet away read all your communications, or worse, access your network? What happens when your executive, attending a conference that is out of broad band range, connects their laptop to the hotel's free high speed internet connection--is the hotel's ISP providing you the protection the laptop is depending on when it was configured by your IT group? Can other people using that ISP now access your network? Sensitive Data Storage Do you know where sensitive data such as Social Security Numbers, bank account routing numbers and health records are stored? Can employees download and store this information onto laptops that could be stolen? Is the hard drive of these laptops encrypted? Do you require BIOS (Basis Input Output System) passwords for these laptops? When this information is backed up to off-site tape storage, is the information encrypted and accessed only by using a secure password? Changes in Attack Vectors What procedures does your firm take to recognize changes in the approach "bad guys" use to circumvent existing security methods and layers of protection? Does your risk assessment and change management methodology address the ever-increasing sophistication and complexity of attack methods and assess your current network countermeasures? These are just a few examples of why your enterprise security model must constantly embrace the security landscape of your firm, pro-actively identify security threats and implement countermeasures timely. At FDC Associates our enterprise security consulting is not a confusing bundle of issues, it is our bread and butter. Call us to discuss your enterprise security measures, including:
|
|